Creating a cybersecurity culture


Today’s organizations are more concerned with cyberattacks than ever before. Traditionally, the solution to the problem was to continue to create stronger security for your network. However, more and more companies are beginning to realize that the real value is in creating a workplace culture that understands, prizes and implements cybersecurity.

Problems with not having a cybersecurity culture

There are two fundamental problems that exist when not enough value is placed on cybersecurity. One issue is that cybersecurity is seen by many as the sole responsibility of the IT security group. The second is that too often the security awareness training does not convey the idea that everyone needs to integrate secure behaviors into their daily work activities. The attitude is that although cyber threats are serious, they are someone else’s problem in the organization to protect against and solve.

So how can you get those inside your business interested, involved and working with you, not against you? Here are a few tips…

Enforce a comprehensive security training program

Enforcing a comprehensive security training program can go a long way toward preventing accidental leaks. Most employees may not know or understand what a malicious insider looks like or what warning signs to watch for. By providing training on how to recognize warning signs in emails, websites and other programs, it helps give employees the right tools to combat cyberattacks and empower employees to report the incidents. Learn more about the fundamentals of a good security program.

Don’t just delegate, get involved

A key ingredient to any successful cybersecurity culture is direct involvement by executive management to encourage everyone to integrate secure behaviors into their daily work. Research shows when management support for security awareness is not highly visible, the awareness training programs have little effect. On the other hand, organizations that say that their awareness programs are driving change overwhelmingly attribute these changes to involvement from executive leaders living and promoting a culture of security. Having everyone at all levels on board can highlight that combating security issues is a team issue, not an individual one.

Find the motivation

Security awareness is important for all aspects of life, not just in the workplace. This is especially true in today’s always-on culture, where people are routinely exposed to phishing, password challenges, data theft and other cybercriminal tactics. Get all employees on board by raising awareness of security issues and concerns in a wider context, such as how to better protect families and personal finances. By highlighting all the security scenarios in all areas of life, employees will be more engaged and their emotional interest will be sparked.

Creating this culture involves starting with a strong foundation and building up while making certain your team is there with you. Do you have other ideas on how to strengthen your organization’s cybersecurity? Comment below!

Spread the word: Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestBuffer this pageEmail this to someone
UMSA Org About UMSA Org

UMSA (Upper Midwest Security Alliance) is an alliance of security and risk-related organizations. As a nonprofit founded in 2004, UMSA serves business, government and education professionals in the upper Midwest, collaborating with professional associations, educators and industry-leading companies to provide professional development opportunities that contribute to a stronger security foundation for organizations.


  1. At TITUS we truly believe you need to change the culture by engaging with each and every user with their daily workflow of business. TITUS helps you classify and identify the important and sensitive data that users create, share and handle. Once the data is identified we can guide the users to handle it safely. Want to learn more, please contact me.

  2. Bjarte Malmedal says:


    We did a huge study on the Norwegian Cybersecurity Culture in 2016. The work included a new way to “measure” cybersecurity culture.

    Full report here:

Leave a Comment